Microsoft introduces real-time threat feed

January 25, 2012

Cyber crimes happen everyday, and everyday IT security companies track and record information around these attacks. Microsoft is upping its game and launching a real-time threat feed to ensure that its fellow partners can study current threats it finds and discover the best steps to proactively take against them.

With Microsoft’s success in tackling botnets, they’ve been able to acquire a lot of data around the specific threats these botnets pose. By allowing the botnets to infect highly monitored environments, Microsoft had been able to identify and remove the destructive bots and also find out how they work.

Previously these details had not been shared, but now this data can be shared with the government and private organizations, CERTs, & ISPs. Even though the number of attacks will likely not decrease thanks to this real-time feed, the impact of a feed like this will be amazing. The amount of damage from a cyber attack will probably be greatly reduced because IT security professionals should be able to more rapidly respond to a threat.

Even more importantly than a decline in damage, a live threat feed could mean that the IT security industry overall will begin to share more data. It has been a long-standing belief that sharing established threat data could lead to copycat attacks. However, this is not a sound concern. Cyber criminals are already sharing tips and tricks and ways to get around security systems. It only makes sense for the IT security industry to be sharing their expertise in how to battle these cyber criminals.

Let’s hope that security professionals soon understand that sharing information is more important than secrecy. And let’s hope that Microsoft’s move is a first step in this change of attitude.